author | John W. Linville <linville@tuxdriver.com> | 2014-01-06 14:08:41 -0500 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2014-01-06 14:08:41 -0500 |
commit | 9d1cd503c7618d2eb00746fa1ebb06a723e108b4 (patch) | |
tree | 53a1e729bf936ff861a55f6751d61733fff1434b /net/wireless | |
parent | c8bf40ad4f8f5d26f6744020ad51be420a707385 (diff) | |
parent | b7e047358449f8eb5cba8197b42280b676b82e54 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Diffstat (limited to 'net/wireless')
-rw-r--r-- | net/wireless/radiotap.c | 4 | ||||
-rw-r--r-- | net/wireless/sme.c | 22 |
2 files changed, 16 insertions, 10 deletions
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
index a271c27fac77..722da616438c 100644
--- a/net/wireless/radiotap.c
+++ b/net/wireless/radiotap.c
@@ -124,6 +124,10 @@ int ieee80211_radiotap_iterator_init(
 /* find payload start allowing for extended bitmap(s) */
 if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
+ if ((unsigned long)iterator->_arg -
+ (unsigned long)iterator->_rtheader + sizeof(uint32_t) >
+ (unsigned long)iterator->_max_length)
+ return -EINVAL;
 while (get_unaligned_le32(iterator->_arg) & (1 << IEEE80211_RADIOTAP_EXT)) {
 iterator->_arg += sizeof(uint32_t);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 3f64202358f4..5d6e7bb2fc89 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -632,6 +632,16 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 }
 #endif
+ if (!bss && (status == WLAN_STATUS_SUCCESS)) {
+ WARN_ON_ONCE(!wiphy_to_dev(wdev->wiphy)->ops->connect);
+ bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
+ wdev->ssid, wdev->ssid_len,
+ WLAN_CAPABILITY_ESS,
+ WLAN_CAPABILITY_ESS);
+ if (bss)
+ cfg80211_hold_bss(bss_from_pub(bss));
+ }
+
 if (wdev->current_bss) {
 cfg80211_unhold_bss(wdev->current_bss);
 cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
@@ -649,16 +659,8 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 return;
 }
- if (!bss) {
- WARN_ON_ONCE(!wiphy_to_dev(wdev->wiphy)->ops->connect);
- bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
- wdev->ssid, wdev->ssid_len,
- WLAN_CAPABILITY_ESS,
- WLAN_CAPABILITY_ESS);
- if (WARN_ON(!bss))
- return;
- cfg80211_hold_bss(bss_from_pub(bss));
- }
+ if (WARN_ON(!bss))
+ return;
 wdev->current_bss = bss_from_pub(bss); |
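Review bot: The bounds test added ahead of the `while` covers only the first `get_unaligned_le32(iterator->_arg)`; the loop condition reads again after each `iterator->_arg += sizeof(uint32_t);`, and the loop body runs past the end of this hunk, so it is not visible here whether the same bound is re-applied before the next read. If it is not, the identical comparison against `_max_length` belongs directly after the increment, since a header whose extended bitmap words keep setting the EXT bit would otherwise move the read beyond the stated length. A short comment above the new test, for example `/* the first extended bitmap word must lie inside _max_length before it is read */`, would also record why the check has to precede the loop.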
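Review bot: Nothing in the new block says why the lookup has to sit above the `if (wdev->current_bss)` release, and that ordering appears to be the point of the move: presumably the entry being looked up can be the one that `cfg80211_unhold_bss()` and `cfg80211_put_bss()` are about to drop, so a lookup made after the release could miss it. A comment such as `/* look up and hold the new BSS before the old current_bss reference is dropped below */` would keep a later cleanup from moving the block back. The reference from `cfg80211_get_bss()` and the hold taken here also have to be undone on every exit before `wdev->current_bss` is assigned; the return path between the two hunks of this file is not visible, so that is worth confirming.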
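Review bot: `if (WARN_ON(!bss))` prints a backtrace on every hit, while the lookup block added earlier in this function uses `WARN_ON_ONCE`, and with the lookup now allowed to come back empty this is the only place a missing BSS entry is reported. If that state can be reached through timing rather than only through a driver bug, which the visible lines do not settle, `if (WARN_ON_ONCE(!bss))` would avoid repeated backtraces in the log. The early `return` also happens after the release of the old `wdev->current_bss` shown in the previous hunk, so a one-line comment stating what state the device is left in would help; the function continues past the end of the hunk.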